File-encrypting KeyPass ransomware has a hidden manual control feature

KeyPass ransomware is a virus that can customize its encrypting process

This ransomware encrypts files with AES method like other file-encrypting viruses. After this process is done, virus places a file extension on every modified file, replacing the original one. This makes data useless, and your PC becomes a mess. Virus displays a ransom message when encryption is done, and the victim can see more details about the whole process and instructions or further actions.

However, this is not so ordinary ransomware. KeyPass ransomware contains a manual control that is hidden and can be shown only after a particular button on the keyboard gets pressed. This feature is uncommon among other ransomware and can be an indicator that criminals behind this virus intend to use it in manual attacks from the start.

Unusual processes make a significant difference

This virus has a form hidden by default and after the specific key is pressed this form shows and allows the attacker to customize the whole encryption process. It is done by changing various parameters. Developers can change the name or text of the ransom note, file extension or victims’ identification key. List of paths that need to be executed from the encryption also can be modified. Hackers can easily change the price of the decryption too.

The KeyPass ransomware operates automatically but when criminals can gain the remote access to the infected system this advantage allows them to modify any default encryption parameter and it makes this virus customizable and very dangerous. Especially compared to other ordinary ransomware-type infections.

Ransomware is spread using various methods

The most common way of spreading ransomware is spam email attachments that are filled with viruses directly or contain malicious script. These files can be disguised as commonly seen documents, service receipts or invoices. Do not fall for this scam, because links on these emails or files attached to them may be infected. Try to send an answer-back and see are they responding. If there is no communication or your email cannot go to the address be aware. It might be an auto-generated scam created for the virus spreading.

Also, search for typos or grammar mistakes. Cybercriminals are often talking in another language. Remember to do not download files from these emails. Clean your spam email box and avoid opening emails you were not expecting. Furthermore, don’t forget to update your software, applications in time. Especially antivirus or anti-malware tools. These can detect possible threats and block them before the infiltration.